CVE-2021-26314 - Exposure of Resource to Wrong Sphere

Severity

55%

Complexity

18%

Confidentiality

60%

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

CVSS 3.1 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

Intel

First reported 3 years ago

2021-06-09 12:15:00

Last updated 3 years ago

2021-06-17 03:15:00

Affected Software

Intel Core i7-7700K

Intel Core i9-9900K

Intel Xeon Silver 4214

References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003

[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003

Vendor Advisory

[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

Mailing List, Third Party Advisory

[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

Exploit, Mailing List, Third Party Advisory

FEDORA-2021-41d4347447

FEDORA-2021-993693c914

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.